If information about an individual a vendor serves is ever lost, stolen or received by anyone who is not that person or that persons legally authorize representative, the California Department of Developmental Services (DDS) considers that a “security breach.” Anytime there is a security breach of information possessed by a vendor, DDS requires the vendor to both notify the person whose information was breached (or their legally authorized representative) by letter, as well as the Regional Center using form DS 5340. The letter sent to the individual needs to be sent within 60 days of the discovery of the breach and a copy needs to be sent to the Regional Center.
If you have any questions, please contact Seth Mader, San Diego Regional Center’s Information Security Officer.
Template – Notification Letter – Word Document
Breach Report Form (DS5340) – Secure Electronic Signature